VulnerableCode Package Details - pkg:pypi/sickrage@9.3.70.dev2

Search for packages

Vulnerability	Summary	Fixed by
VCID-9ecn-dwux-93b8 Aliases: CVE-2021-25925 GHSA-rmp7-f2vp-3rq4 PYSEC-2021-147	in SiCKRAGE, versions 4.2.0 to 10.0.11.dev1 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly when processed by the server. Therefore, an attacker can inject arbitrary JavaScript code inside the application, and possibly steal a user’s sensitive information.	10.0.11.dev2 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 10.0.12.dev1 Affected by 0 other vulnerabilities.
VCID-tj9t-5zn5-e3ca Aliases: CVE-2021-25926 GHSA-x823-j7c4-vpc5 PYSEC-2021-148	In SiCKRAGE, versions 9.3.54.dev1 to 10.0.11.dev1 are vulnerable to Reflected Cross-Site-Scripting (XSS) due to user input not being validated properly in the `quicksearch` feature. Therefore, an attacker can steal a user's sessionID to masquerade as a victim user, to carry out any actions in the context of the user.	10.0.11.dev2 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 10.0.12.dev1 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-9ecn-dwux-93b8
Aliases:
CVE-2021-25925
GHSA-rmp7-f2vp-3rq4
PYSEC-2021-147

in SiCKRAGE, versions 4.2.0 to 10.0.11.dev1 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly when processed by the server. Therefore, an attacker can inject arbitrary JavaScript code inside the application, and possibly steal a user’s sensitive information.

10.0.11.dev2
Affected by 2 other vulnerabilities.

10.0.12.dev1
Affected by 0 other vulnerabilities.

VCID-tj9t-5zn5-e3ca
Aliases:
CVE-2021-25926
GHSA-x823-j7c4-vpc5
PYSEC-2021-148

In SiCKRAGE, versions 9.3.54.dev1 to 10.0.11.dev1 are vulnerable to Reflected Cross-Site-Scripting (XSS) due to user input not being validated properly in the `quicksearch` feature. Therefore, an attacker can steal a user's sessionID to masquerade as a victim user, to carry out any actions in the context of the user.

10.0.11.dev2
Affected by 2 other vulnerabilities.

10.0.12.dev1
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-05-31T09:39:57.495067+00:00	PyPI Importer	Affected by	VCID-9ecn-dwux-93b8	https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip	38.6.0
2026-05-31T09:39:55.094148+00:00	PyPI Importer	Affected by	VCID-tj9t-5zn5-e3ca	https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip	38.6.0
2026-05-30T20:22:36.008491+00:00	Pypa Importer	Affected by	VCID-tj9t-5zn5-e3ca	https://github.com/pypa/advisory-database/blob/main/vulns/sickrage/PYSEC-2021-148.yaml	38.6.0
2026-05-30T20:22:32.420832+00:00	Pypa Importer	Affected by	VCID-9ecn-dwux-93b8	https://github.com/pypa/advisory-database/blob/main/vulns/sickrage/PYSEC-2021-147.yaml	38.6.0